| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. |
| Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors. |
| Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. |
| EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. |
| EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. |
| CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. |
| Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL. |
| The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. |
| IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface. |
| Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data. |
| The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. |
| CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. |
| WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. |
| Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action. |
| IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. |
| The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-2777. |
| The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability." |
| The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka "Windows Shell File Association Vulnerability." |